Alex is driven round the bend by New Labour’s excuses for not depersonalising the data on the discs what they lost:
You what? Too costly? How? Oh, right, it’s the old standby – “there’s a contract“. We can’t find you the plates for your flak jacket/diagnose your cancer within less than three months/type SELECT (names, addresses) FROM families WHERE child=Yes rather than SELECT * FROM families because there’s a contract.
So how does it work? Do they have a little taxi meter on their desks that increments every time they issue a database query? How much is Crapita or Siemens or whoever charging them per SQL statement?
So it looks like it wasn’t some junior consultant doing a dump of the entire database and bunging it on a cd on their own initiative, but semi-official policy to do so whenever an e-mail that looks like it’s from the National Audit Office arrives. It may have been against official guidelines, but when the system allows you to do this and it’s seemingly impossible to even do anything but dump the entire database because it would cost too much otherwise, guidelines are just lies on paper.
So anyway, looking at it from an IT security point of view, we see a fair few weak spots that cannot be solved by “spot checks” or “guidelines”. Just the fact that it’s possible to get a dump from the entire database and that even junior employees can do it is bad enough, but worse is the fact that the NAO thinks it’s a good idea to audit databases by requesting such a dump rather than inspecting them directly.